[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: case of service component in server principals

To: Norbert Klasen <klasen@zdv.uni-tuebingen.de>
Subject: Re: case of service component in server principals
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 15 Nov 2000 09:32:57 -0800
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <3A12BB36.B101354@zdv.uni-tuebingen.de>

At 05:35 PM 11/15/00 +0100, Norbert Klasen wrote:
>Hi,
>the GSSAPI mechanism included in the IBM SecureWay Directory Client SDK
>uses tickets in which the service component of the server principal is
>in capital letters, i.e. LDAP/server@REALM. 
>OpenLDAP (with Cyrus SASL and MIT krb5) expects the service to be in
>lower case though, i.e. ldap/server@REALM, and thus aborts with
>"gss_accept_sec_context: Miscellaneous failure; Wrong principal in
>request;"
>rfc1510, 7.2.1 states that the hostname must be in lower case, but what
>about the service name?

It should be lower case as well.

Kurt

References:
- case of service component in server principals
  - From: Norbert Klasen <klasen@zdv.uni-tuebingen.de>

Prev by Date: case of service component in server principals
Next by Date: SASL authcid/authzid
Index(es):
- Chronological
- Thread